New
#1
This kind of thing is one of the reasons why I won't ever install Symantec software on any of my PCs.
Symantec admits it won't patch 'catastrophic' security flaws until mid-July | TheINQUIRERSymantec admits it won't patch 'catastrophic' security flaws until mid-July
SECURITY OUTFIT Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July.
Patches were rushed out to cover some of the "as bad as it gets" flaws identified by Project Zero, but patches to secure the fundamental architectural flaws are still some weeks away.
This kind of thing is one of the reasons why I won't ever install Symantec software on any of my PCs.
Way to go Symantec. I now regret having used your software for nearly a decade with another 2 years to go before my NS subscription expires. Talk about a rude awakening! Time to look for something new.
PS - Just remembered I have current subscriptions to BD Total Security & Kaspersky Internet Security. Thing is, are these safe or do they have security holes?
Probably all security products have security holes. It's just a matter of when they are discovered and how long it takes to get patched.
Symantec - the popular computer protector - may actually help hackers, feds warn - Jul. 7, 2016Symantec - the popular computer protector - may actually help hackers, feds warn
...Computer security experts have long voiced concerns that cybersecurity software is riddled with flaws. Researchers often focus lots of attention to spot mistakes in popular computer programs, but they devote little time to strengthening the popular software used as protection.
Symantec is no exception.
"By installing their software you're actually making yourself less secure. There's an irony in that," said Jack Daniel, a computer security expert in Massachusetts.
Symantec said it has not yet seen hackers exploiting these bugs to enter people's computers. But in the computer world, that could mean that no one's been caught.
"Symantec Response
Symantec has verified these issues and addressed them in product updates as identified in the solution portion of the affected products matrix above. We have also added additional checks to our Secure Development LifeCycle to mitigate similar issues in future.
Symantec is not aware of these vulnerabilities being exploited in the wild.
To fully mitigate the identified vulnerabilities, Symantec recommends applying the required patches to the affected products as soon as possible. This is the only means to ensure that installed products cannot be exploited. Symantec has released the following list of AV signatures in an effort to block/detect attempts at exploitation.
Vulnerabilities
Signatures
LiveUpdate rev.
RAR decompression memory access violation
EXP.CVE-2016-2207
20160628.037
Dec2SS buffer overflow
EXP.CVE-2016-2209
20160628.037
Dec2LHA buffer overflow
EXP.CVE-2016-2210
20160628.037
CAB decompression memory corruption
EXP.CVE-2016-2211
20160628.037
MIME message modification memory corruption
EXP.CVE-2016-3644
20160628.037
TNEF integer overflow
EXP.CVE-2016-3645
20160628.037
ZIP decompression memory access violation
EXP.CVE-2016-3646
20160628.037
Update Information
All Norton products have been updated through LiveUpdateTM. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates."
The way I read this is that Symantec has already addressed and fixed the problem.
Not that I worry but since using windows 10, I have not been able to install and run for more than a week any 3rd party antivirus without defender kicking up not letting updates through, so I have just accepted that and keep defender and paid for malwarebyghtes, cant do with the hassle of fighting Microsoft.:).
From my reading of this Symantec has addressed most of the problems but the major one on the workstations has yet to be addressed:
"The cloud-based versions of Symantec's Endpoint Protection Small Business Edition will finally be updated this week, but users of the workstation versions will have to wait weeks."